ICD Brief 41.

15.05.2017. – 21.05.2017.

Welcome to a packed edition filled with new approaches and unexpected consequences from cyber threats. Leaders and their advisors are getting down to business. The virtual is losing its fear factor. Collaboration and cooperation are rampant.

I began this weekly update a year ago to learn more about what was working in a universe of vulnerabilities and unending announcements of inability to protect. It is a pro bono contribution to colleagues and friends in 42 countries who are simply interested in the subject. If it’s not your cup of tea, please just unsubscribe. In the near future, we will add original content and discussions online and in real time roundtables. Stay tuned!

USA

“Sean Field, Special Counsel, reports from on the ground at the first day of the National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop being held in Gaithersburg, Maryland, USA on 16 May 2017”

“The Department of Homeland Security‘s Science and Technology Directorate and its partner agencies from the Netherlands will invest up to $2.6 million in collaborative cybersecurity research projects. DHS S&T will collaborate with the Netherlands’ organization for scientific research and national cyber security centre in efforts increase research and development collaboration between cybersecurity researchers from both countries, the department said Wednesday.”

“A Carmel-based cybersecurity firm will assist the FBI and Department of Homeland Security this year at the Indianapolis 500 by monitoring online chatter for digital and physical threats. “Our objective is to protect people,” Rook Security Director of Security Operations Tom Gorup said. “We will be monitoring dark web sites, hacker forums as well as social media outlets for potential attacks against the Indianapolis Motor Speedway from digital perspective and physical perspective.””

“A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week’s “ransomware” attacks. Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.”

“On May 11, 2017, President Trump signed a long-awaited Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (the “Executive Order”), which directs federal government agencies to take certain steps to strengthen the cybersecurity of both federal networks and critical infrastructure. The Executive Order builds on previous Obama-era executive orders and presidential policy directives regarding the cybersecurity of both public and private sector networks.”

Australia

“Cyber security experts entering the fray will represent some of Australia’s largest and highest-profile government departments: Human Services, Immigration, Defence, the AFP and the Australian Taxation Office. The war games, devised by the DHS, are designed to push the technical prowess and critical thinking of APS staff as hacking attacks grow more disruptive.”

“It’s now a year since the launch of the Australian Cyber Security Strategy. Could progress be better? Of course. But the progress is good. Actually, it’s great. The collaboration between government and the private sector has had a fresh wind touch its sails and the level of cyber security collaboration between many of Australia’s largest organisations is at an unprecedented level. The recent global wave of ransomware, variously termed WannaCry or WannaCrypt, was a live-fire exercise for testing the efficacy of this collaboration.”

China

“China is considering delaying contentious cybersecurity rules set to go into effect in June amid pushback from international groups, Reuters reported. Earlier this week, dozens of organizations from numerous countries and sectors wrote to the Cyberspace Administration of China of their “significant concerns” with parts of the new law, asking that it be delayed. The Cyberspace Administration of China then organized a meeting with representatives of international technology companies and others on Friday, Reuters reported, to propose adjustments to implementation of parts of the law.”

Germany

“The Bundesgerichtshof Federal Court of Justice (BGH) made a ruling Tuesday in a case that dates back nearly a decade. The BGH ruled that IP information of an internet user may be retained beyond the period the user visited a specific web site if retaining the IP information was necessary to defend and investigate cyberattacks. This is only permissible if the site is prone to cyberattacks. Further clarification is needed to determine which sites are considered to be at high risk of an attack.”

India

“A major lesson was recently learnt when 99 countries were under the radar of a ransomware attack on more than 75,000 machines. The major setback is led by a young piece of ransomware names WanaCrypt0r, which has been infecting the machines severely since this Friday. To understand the current situation and where does India stand with its existing cyber security posture, we caught up with Pradipto Chakrabarty, Regional Director, CompTIA –a computing technology industry association. Is the current cyber security setup in India robust enough to tackle crisis like the latest ransomware threat?”

Israel

“Cyber threats will be among the issues on the table when Defence Minister Christoforos Fokaides pays an official visit to Israel later on Monday during which he will also discuss with his Israeli counterpart Avigdor Liebrman terrorism, maritime and energy security and bilateral issues. The defence ministry said Fokaides and Lieberman will review the implementation of the Bilateral Military Cooperation Programme between the two countries and will discuss the latest developments regarding the regional security environment and combating terrorism. Moreover their agenda will include issues regarding maritime and energy security and cyber threats.”

NATO

“Cooperation in the field of countering cyber security risks has been at the heart of talks in Rabat between Morocco’s Minister Delegate in charge of the Administration of National Defense Abdeltif Loudiyi and Assistant to NATO’s Secretary General in charge of emerging risks Sorin Ducaru. The two officials examined future cooperation prospects in the field of cyber security, notably through the exchange of expertise and training, the Administration of National Defense said in a statement.”

Russia

“Russia is urging to introduce a general set of cyber security rules, Secretary of Russia’s Security Council Nikolai Patrushev said in an interview with Rossiya-24 TV Channel on Friday. “We are interested in the elaboration of the common rules of behavior in the information space,” he said. “In this regard, not all agree, of course,” he added. According to Patrushev, there are countries, which believe that they can solve particular tasks on their own but bearing in mind that they can exert certain influence. These states do not agree so far that common rules should be elaborated, he added.”

“The country had the largest number of computers infected in the massive cyberattack that has swept across the globe since Friday, according to security firm Kaspersky Lab. Avast, an antivirus company, said more than half of the 200,000 attacks it tracked targeted Russian users. Experts said that Russia is particularly vulnerable to this kind of attack because of its aging computing infrastructure and lax approach to cybersecurity. There is also a huge amount of pirated software in circulation.”

Slovakia

“With more frequent cyberattacks around the world, Slovakia is preparing a law on cyber security. It aims to discuss it with the NATO Excellency Centre, said country’s Deputy PM for Investments and Informatisation Peter Pellegrini, during his two-day working trip to Tallin, Estonia. “Serious decisions await Slovakia at the moment,” Pellegrini said while visiting the Tallin-based NATO Excellency Centre for Cooperative Cyber Security, as quoted by the TASR newswire. “We’re witnessing an ever higher intensity of cyber attacks, most recently this past weekend, and that’s why we have to draw up a new law on cyber security, that is currently on the table.””

UK

“The UK government believes collaboration between the public and private sectors is critical to success in cyber security. Governments can lead the way, but they cannot deal with cyber threats alone, according to Mark Sayers, deputy director, cyber and government security directive, at the Home Office.”

UN

“A United Nations cybersecurity expert says that cybercrime is ultimately preventable, and that the internet – even the hidden so-called ‘dark net’ – has very good elements to it. That may seem difficult to believe for people in the 150 countries hit by the ‘WannaCry’ ransomware, some of whom have had to pay hundreds of dollars in digital currency, Bitcoin, to get back photos of their families and other files on their laptops, or the families unable to board a train in Germany or see a doctor in the United Kingdom.”

Insurance

“Global ratings agency Fitch Ratings has said that it expects the cyber insurance market to grow in the wake of the global cyberattack launched last week, but has urged “a cautious approach”. In a new briefing issued by the ratings agency, the firm said that, while tallying the costs of the global ransomware attack will take time, the cyber insurance market could be set for growth.”

“Companies without cyber insurance are dusting off policies covering kidnap, ransom and extortion in the world’s political hotspots to recoup losses caused by ransomware viruses such as “WannaCry”, insurers say. Cyber insurance can be expensive to buy and is not widely used outside the United States, with one insurer previously describing the cost as $100,000 for $10 million in data breach insurance.”

“Do IT experts and senior managers have a “failure to communicate”? Earlier this year, the Ponemon Institute issued the research report, The Cost & Consequences of Security Complexity [registration required]. One of the report’s findings is that the growing complexity of the security technology world has resulted in “difficulty in communicating the organization’s security strategy and approach to deal with cyber threats to senior management.” Of the IT specialists Ponemon polled, 67% agreed that their companies’ approach to dealing with cyber threats “is too complex to explain to senior executives.”

Feature

“ALM Intelligence’s second annual cybersecurity study has found that vulnerabilities in law firms’ internal data security present an unprecedented existential threat. On the other hand, increasing corporate demand for legal expertise in information security, compliance, and incident response presents a lucrative opportunity. This report discusses the research findings and their implications, outlines information about the changing cybersecurity landscape, and offers guidance for law firms in ensuring cybersecurity preparedness.”

“The massive attack of the ‘WannaCry’ ransomware virus that infected computers around the world prompted a Monday surge in cybersecurity stocks as investors sought safety. Although the attack appeared to slow as the work week opened, investors reacted as a few major companies reported new computer problems potentially related to the outbreak that began Friday. The malware affected computers in at least 150 countries, according to a report by the European Union’s Europol law enforcement agency.”

“Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked U.S. hacking tools used to launch the global WannaCry “ransomware” attack warned it would release more malicious code. The fast-spreading cyber extortion campaign, which has infected more than 300,000 computers worldwide since Friday, eased for the second day on Tuesday, but the identity and motive of its creators remain unknown.”

“It used to be that I could only look up to Russia (whether I agree with them or not) for conducting advanced information operations in the cyber world. Now, I can look up to Emmanuel Macron and the anonymous security professionals behind him. Finally, someone uses cyber deception to beat attackers at their own game. I am not alone, and Cymmetria’s ideas have been vindicated yet again. Let’s quickly go over what happened, and then analyze the operation and why it is so…well, cool. Regardless of what actually happened, one of the major lessons of cyber security, as learned in Estonia a decade ago and endless times since, is that what people perceive matters as much if not more so than what the technical details of any attack may have actually been. The motivation for the attack can be political or otherwise, but it must be analyzed in context.”